Hackers spread infostealers via malicious YouTube videos

March 18, 2023

Malicious actors have been using AI-generated YouTube videos to distribute information-stealing malware, a tactic that has been growing in the cybercrime landscape. The infostealer families spread this way include Raccoon, RedLine, and Vidar.

According to a security researcher, the videos pose as tutorials for people looking to download pirated (cracked) versions of applications and software. YouTube has long been a popular distribution channel for threat actors because so many people turn to the platform for tutorials and how-to content.

The operators place the download links alongside the videos through URL shortener services such as Bit[.]ly and Cuttly. In some cases the campaigns also host the payloads on platforms like MediaFire, Discord, GitHub, Google Drive, and Telegram, so the shortened link is only the first hop.
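Because the link in the video description is only the first hop, an analyst triaging one of these campaigns wants to see the whole redirect chain before anything is downloaded. The following is an added example for this article, not code from the original page or from the researchers it cites. It resolves a shortened link hop by hop with HEAD requests (never fetching a body), refuses loops and over-long chains, and classifies the landing host. The hostnames for the shorteners and hosting platforms named above, the sample redirect table, and every URL in it are constructed assumptions for illustration; a live HEAD helper is included but not exercised, so the example runs offline.

```python
"""Resolve a shortened download link hop by hop and classify where it lands.

Added example for this article; not code from the original page. The redirect
table, the domain lists and every URL below are constructed for illustration.
"""
from typing import Callable, Dict, Iterable, List, Optional
from urllib.parse import urljoin, urlparse
import urllib.error
import urllib.request

# Hostnames assumed for the services named in the article (assumption: real
# campaigns may use other subdomains, CDN hosts or mirrors).
SHORTENER_DOMAINS = {"bit.ly", "cutt.ly"}
FILE_HOST_DOMAINS = {
    "mediafire.com", "discord.com", "discordapp.com",
    "github.com", "drive.google.com", "t.me", "telegram.org",
}

# Constructed redirect table standing in for live HEAD responses:
# URL -> value of its Location header, or None when it is the final page.
SAMPLE_REDIRECTS: Dict[str, Optional[str]] = {
    "https://bit.ly/ex-setup": "https://cutt.ly/ex-setup",
    "https://cutt.ly/ex-setup": "https://www.mediafire.com/file/abc123/Setup.zip",
    "https://www.mediafire.com/file/abc123/Setup.zip": "/file/abc123/Setup.zip/file",
    "https://www.mediafire.com/file/abc123/Setup.zip/file": None,
    "https://bit.ly/ex-lookalike": "https://drive.google.com.evil.example/dl",
    "https://drive.google.com.evil.example/dl": None,
    "https://bit.ly/ex-loop-a": "https://bit.ly/ex-loop-b",
    "https://bit.ly/ex-loop-b": "https://bit.ly/ex-loop-a",
}


def sample_head(url: str) -> Optional[str]:
    """Offline stand-in for an HTTP HEAD: returns the Location header or None."""
    return SAMPLE_REDIRECTS.get(url)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so each hop can be inspected."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def live_head(url: str, timeout: float = 5.0) -> Optional[str]:
    """Real HEAD request returning the Location header of a 3xx, else None.
    Not exercised in this offline example; it never downloads a response body."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:
            return err.headers.get("Location")
        raise


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower().rstrip(".")


def in_domains(host: str, domains: Iterable[str]) -> bool:
    """Exact or proper-subdomain match. A bare endswith() would wrongly accept
    look-alikes such as drive.google.com.evil.example."""
    return any(host == d or host.endswith("." + d) for d in domains)


def resolve_chain(url: str, head: Callable[[str], Optional[str]],
                  max_hops: int = 10) -> List[str]:
    """Follow Location headers from url, bounding hops and rejecting loops."""
    chain = [url]
    seen = {url}
    for _ in range(max_hops):
        location = head(chain[-1])
        if location is None:
            return chain
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in seen:
            raise ValueError(f"redirect loop at {nxt}")
        seen.add(nxt)
        chain.append(nxt)
    raise ValueError(f"more than {max_hops} redirects from {url}")


def classify_link(url: str, head: Callable[[str], Optional[str]] = sample_head,
                  max_hops: int = 10) -> dict:
    """Summarise a link: full chain, landing host, and whether it passed
    through a known shortener and ends on a known file-hosting platform."""
    chain = resolve_chain(url, head, max_hops)
    final_host = host_of(chain[-1])
    return {
        "chain": chain,
        "final_host": final_host,
        "via_shortener": any(in_domains(host_of(u), SHORTENER_DOMAINS)
                             for u in chain[:-1]),
        "lands_on_file_host": in_domains(final_host, FILE_HOST_DOMAINS),
    }


if __name__ == "__main__":
    for start in ("https://bit.ly/ex-setup", "https://bit.ly/ex-lookalike"):
        print(classify_link(start))
```

To run it against a real link, pass `head=live_head` to `classify_link`; HEAD requests still touch the shortener and hosting infrastructure, so do that from an isolated analysis host rather than a production network.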

Numerous legitimately owned YouTube channels have been hijacked to spread malware through malicious videos.

Researchers have also observed threat actors hijacking legitimate YouTube accounts from their channel owners to push malware to viewers. Because these established channels already reach a wide audience, the attackers use them to trick subscribers into installing info-stealing malware on their devices.

Even though most channel owners report the compromise immediately to recover their accounts, researchers warn that the short window during which the attackers control an account is enough to victimise viewers.

Separate studies also indicate that roughly five to ten malicious video tutorials are uploaded to YouTube every hour, which makes it likely that many people will fall victim to the campaign. To lend the videos an air of legitimacy, the threat actors also plant fake comments that further trick viewers.

Security researchers advise users not to install cracked versions of software and applications and instead to download them from the official websites. Users should also avoid clicking suspicious links and enable MFA on their online accounts, which also makes the channel hijacking described above harder to carry out.
